In the present context, the term ‘check’ is understood to mean an operation such as authenticating the electronic chip or identifying the electronic chip. Generally, a check of an electronic chip corresponds to any operation which allows a checking entity to verify that the electronic chip is able to prove the knowledge of a secret.
Such a check can be made in relation to an electronic passport or else to an RFID (‘Radio Frequency IDentification’) type tag.
Some of these checks are based on asymmetric cryptographic checking schemes using a public key and private key pair.
Known in particular is the identification system described in the document ‘About machine-readable travel documents’ by Vaudenay, S.; Vuagnoux, M. published in the Journal of Physics: Conference Series, Volume 77, Issue 1, pp. 012006 (2007), in July 2007, for which it is proposed to use protocols of ‘zero-knowledge’ type, that is to say which do not reveal any information about the users secret and thus a priori do not allow a potential attacker to follow the user.
However, the use of such protocols may reveal information about the public key associated with the user to this potential attacker even if the latter has no prior information in this regard. Thus, an attacker may obtain information about the user of such an electronic chip by listening to the exchanges of information between this electronic chip and a checking entity. Access to some of this information may allow an ill-intentioned person to undermine the private life of the user of such an electronic chip, for example by allowing him to retrace the movements of this electronic chip.
FIG. 1 illustrates an embodiment of the prior art. More precisely, in the document cited above, provision is made for the checking system to comprise an entity to be checked 12 on one side and a checking entity 11 on the other.
A public parameter of this system is denoted g, and corresponds to the generator of the set of values in which the calculations are performed. The entity to be checked 12 is furnished with a public key I and a secret key s. The public key I satisfies the following equation:I=gs 
The checking entity 11 generates a value cv in a random manner.
The checking entity 11 transmits a value γ arising from the random value cv to the entity to be checked 12.
The entity to be checked 12 generates a value r, and a value cp in a random manner.
Next, it transmits the following values to the checking entity 11:                x, which corresponds to gr; and        cp.        
The checking entity 11 then transmits the following values:                δ and cv         δ and γ being generated at the same time on the basis of the value cv.        
The entity to be checked checks the consistency of the values δ, γ and cv.
It thereafter transmits a value y satisfying:y=r+cs,                 where c=cp+cv         
On the other side, the checking entity 11 checks that the following equation is satisfied:gy=xIc 
Thus, by listening to the exchanges between the checking entity 11 and the entity to be checked 12, it is possible to obtain the value of Ic and of c according to the following equations:Ic=gy/x; and c=cv+cp 
Next, by listening again, it is possible to obtain a value I′c′ and c′.
Thereafter, if the following equation is satisfied, it is possible to deduce therefrom that the two listenings correspond to the same entity to be checked 12, and therefore reveals information relating to this entity to be checked:Icc′=I′c′c 
Thus, the use of protocols such as Schnorr, Fiat-Shamir or GPS (for Girault, Poupard and Stern) makes it possible to obtain information that one would, however, wish to keep secret.
Document WO 03/055134 describes a procedure aimed at checking, by a checking entity, an entity to be checked with which a secret key and a public key are associated. In this context, it is impossible to keep secret all information related to the entity to be checked.
The present invention is aimed at improving the situation.